Scenario 🧪
The prior lab exploited managed policies to grant access to users. This lab is very similar but instead exploits `iam:AttachGroupPolicy`. With this permission, you can assign managed policies to entire groups instead of just individual users.
This lab has been misconfigured, so exploit it with `iam:AttachGroupPolicy` to grant yourself Secrets Manager permissions.
You’ve successfully completed this lab once you’ve submitted the secret value as the flag!
Tips
Tip #1: If you completed the prior lab, don’t overthink this one! This lab is very similar to the prior lab (AttachUserPolicy) except you’re applying a managed policy to a group rather than an individual user.
Steps
- Using the provided Access Key ID and Secret Access Key, configure your AWS CLI profile
- Using the AWS CLI, identify what permissions your current user has access to and perform general reconnaissance to familiarize yourself with the AWS environment
- Leverage your `iam:AttachGroupPolicy` permissions to gain access to Secrets Manager
- Access Secrets Manager and retrieve the secret value
- Copy/paste the secret value as the flag
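
Seen from the defender's side, the misconfiguration this lab relies on can be caught by auditing policy documents. The following is an added example, not part of the lab or its provider's code: it flags Allow statements that cover `iam:AttachGroupPolicy` without an `iam:PolicyARN` condition restricting which managed policy may be attached. The account ID, group name and policy name are constructed, and `NotAction` statements are not handled.

```python
import fnmatch

# Constructed sample policies (not taken from the lab environment).
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "iam:AttachGroupPolicy",
    "Resource": "*",
}]}
HARDENED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "iam:AttachGroupPolicy",
    # Resource limits WHICH GROUP can be modified ...
    "Resource": "arn:aws:iam::111122223333:group/developers",
    # ... and only iam:PolicyARN limits WHICH POLICY can be attached.
    "Condition": {"ArnEquals": {
        "iam:PolicyARN": "arn:aws:iam::111122223333:policy/approved-baseline"}},
}]}

# Condition operators that can positively pin the attachable policy ARN.
PINNING_OPERATORS = {"arnequals", "arnlike", "stringequals", "stringlike"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _grants_attach(stmt):
    """True if an Allow statement's Action patterns cover iam:AttachGroupPolicy."""
    if stmt.get("Effect") != "Allow" or "Action" not in stmt:
        return False
    # IAM action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatch.fnmatchcase("iam:attachgrouppolicy", a.lower())
               for a in _as_list(stmt["Action"]))

def _pins_policy_arn(stmt):
    """True if a condition restricts which managed policy may be attached."""
    for operator, conds in stmt.get("Condition", {}).items():
        if operator.lower() not in PINNING_OPERATORS:
            continue
        for key, value in conds.items():
            # A bare "*" value matches every policy, so it pins nothing.
            if key.lower() == "iam:policyarn" and "*" not in _as_list(value):
                return True
    return False

def find_unconstrained_attach(policy):
    """Return indexes of statements that allow attaching any managed policy."""
    return [i for i, s in enumerate(_as_list(policy["Statement"]))
            if _grants_attach(s) and not _pins_policy_arn(s)]
```

A statement scoped to a single group in `Resource` is still flagged when it has no `iam:PolicyARN` condition, because any member of that group could then attach a broader managed policy to it.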